TJX Intrusion Highlights Pursuit of Corporate Data

Unlike hardware thefts such as stolen laptops, the TJX data theft proves that hackers and malware code writers are determined to get at sensitive corporate information.

The potentially massive data theft reported by discount retail conglomerate TJX Companies illustrates the continued efforts of hackers to rob businesses of their most valuable information.
On Jan. 17, the company, based in Framingham, Mass. which operates a handful of North American and European retail chains including T.J. Maxx, Marshalls, HomeGoods and A.J. Wright, reported that a computer systems intrusion may have compromised the personal data of an undetermined number of customers.

TJX officials said that outsiders were specifically able to gain access to the portion of its computer network that retains its customers credit card, debit card and check information, along with data related to merchandise return transactions.

The information involved was drawn from the companys T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the United States and Puerto Rico, along with its Winners and HomeSense stores in Canada.
TJX said the data theft may also affect customers of its T.J. Maxx stores in the United Kingdom and Ireland, as well as its Bobs Stores chain in the United States.
TJX operates an estimated 2,500 retail locations in total.
While the company did not reveal how many customers may be affected by the incident, TJX said that a majority of the data involved is related to individuals who shopped at its stores in the United States, Canada and Puerto Rico during 2003, and between May and December 2006.
Company officials said that they have been able to isolate a limited number of credit and debit cardholders whose information was removed from its systems, as well as a smaller group of people whose drivers license details were stolen.
In addition to working with all major credit and debit card firms to help investigate any related fraud, along with law enforcement officials including the U.S. Department of Justice, U.S. Secret Service and the Royal Canadian Mounted Police, TJX said it has directly contacted individuals whose information was known to have been exposed via the intrusion and is offering additional customer support to people concerned that their data may have been compromised.
A number of banks have issued warnings to customers whose data may be involved in the incident, as have the credit card brokers.
TJX said it kept a lid on the details of the intrusion up until now at the request of law enforcement officials. This quiet period has become a common practice as investigators attempt to gather evidence of data incidents before details of the events are made public.
Since the break-in was discovered, TJX said it has "significantly strengthened the security of its computer systems" and hired IT specialists General Dynamics and IBM to help further investigate the intrusion and assess the volume of data that may have been stolen.
Click here to read more about how data thieves are targeting the enterprise.
"Since discovering this crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems and we believe customers should feel safe shopping in our stores," Ben Cammarata, chairman of TJX Companies said in a statement.
"Our first concern is the potential impact of this crime on our customers, and we strongly recommend that they carefully review their credit card and debit card statements and other account information for unauthorized use."
TJX said it is continuing its investigation to determine whether any additional customer information may have been compromised.
Next Page: Data theft versus hardware theft.